Basic 802.1x configuration, Configuration prerequisites, Configuring basic 802.1x functions – H3C Technologies H3C WX3000 Series Unified Switches User Manual
Page 230: 13 configuring basic 802.1x functions -13
23-13
Basic 802.1x Configuration
Configuration Prerequisites
z
Configure ISP domain and the AAA scheme to be adopted. You can specify a RADIUS scheme, a
HWTACACS scheme, or a local scheme.
z
Ensure that the service type is configured as lan-access (by using the service-type command) if
local authentication scheme is adopted.
Configuring Basic 802.1x Functions
Follow these steps to configure basic 802.1x functions:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enable 802.1x globally
dot1x
Required
By default, 802.1x is disabled globally.
In system
view
dot1x
[ interface interface-list ]
interface
interface-type
interface-number
dot1x
Enable
802.1x
for
specified
ports
In port view
quit
Required
By default, 802.1x is disabled on all ports.
Set port authorization
mode for specified ports
dot1x port-control
{ authorized-force |
unauthorized-force
| auto }
[ interface interface-list ]
Optional
By default, an 802.1x-enabled port
operates in the auto mode.
Set the access control
method for specified ports
dot1x
port-method { macbased |
portbased
} [ interface
interface-list
]
Optional
The default access control method on a
port is MAC-based (that is, the macbased
keyword is used by default).
Set authentication
method for 802.1x users
dot1x authentication-method
{ chap | pap | eap }
Optional
By default, the device performs CHAP
authentication in EAP terminating mode.
Enable online user
handshaking
dot1x handshake enable
Optional
By default, online user handshaking is
enabled.
Enter Ethernet port view
interface interface-type
interface-number
—
Enable the handshaking
packet secure function
dot1x handshake secure
Optional
By default, the handshaking secure
function is disabled.